The BYOD Revolution

The 'Bring Your Own Device' Concept has many IT departments scrambling to develop mobile tech policies

“Mobile is the cornerstone of true meaningful use.”

That is according to Kevin Larsen, M.D., chief medical information officer and associate medical director of 420-bed Hennepin County Medical Center in Minneapolis, Minn. Speaking at a mobile health conference last year, Larsen described how Hennepin has pushed its Epic (Verona, Wisc.) EHR implementation out to physicians’ mobile devices, to provider teams in the field, and to patients through a smartphone patient portal application.

“The future of healthcare is convenience, integration, and connection with best evidence,” Larsen says. “To deliver financial value and efficiency, we need to get information and tools to where they are needed.”

But a recent survey by the Health Information and Management Society (HIMSS) hints at some of the challenges CIOs are facing before realizing the potential of mobile devices. While approximately 75 percent of those surveyed said their organization allows clinicians to access clinical data via a mobile device, only 38 percent have a policy in place that regulates the use of mobile devices and outlines a mobile strategy. Just less than half of the respondents indicated their organization supports personal devices owned by the end-user, and which are enabled by the organization to support daily work activities.

The rapid adoption of consumer-oriented devices by clinicians has blindsided many IT leaders, who now have to make some tough choices as they formulate policies, says Edna Boone, senior director of mobile initiatives for HIMSS. CIOs are tackling security, remote data access, and use of personal devices. “If they allow clinicians to use many types of devices, then it might become a support headache,” Boone says. “But they also must weigh the benefits of standardization versus the risk they might slow adoption.” A HIMSS task force has developed a mobile privacy and security toolkit and guidance about mobile device management software, she adds. HIMSS is also closely following the U.S. Food and Drug Administration plans to regulate a subset of mobile medical apps, generally those that have sensors that attach to the patient or that serve as an adjunct viewer for an already-regulated system.

Some healthcare leaders are confused about how to proceed, and the clinicians are beating the IT people to the punch. CIOs have to decide if they are going to support BYOD or not, says Fran Turisco, a director with Pittsburgh-based consulting firm Aspen Advisors. They need to decide which operating systems and devices they will support, and what encryption or middleware they have to put on the devices, she adds. Decisions also need to be made about internal application development and perhaps a catalog of commercial apps that the IT group will support.

Fran Turisco

“But they need to put these policies in place quickly. They can’t tell physicians they will get back to them with a policy and governance structure in six months. You have to do it in two months or less, I would say, or else you lose their attention.”

But IT teams that already have full plates may struggle to develop mobile policies quickly, says Dan Garrett, principal and health information technology practice leader at New York-based PwC Consulting. Every provider IT shop is going through meaningful use and ICD-10 implementations. “They are very busy and distracted,” Garrett says. “Plus, there aren’t a lot of common infrastructure tools that are good, clean one-stop shops to deal with encryption and device management and other issues, so this is not an easy fix.”

Kenneth Kleinberg, senior healthcare director for health consulting and research firm the Washington, D.C.-based The Advisory Board Company, sees BYOD as the No. 1 issue in terms of mobility. “IT teams that had expertise in managing desktops and laptops for 20 years are all of a sudden facing a whole new challenge with the profusion of mobile devices and the choices they have to make in terms of supporting all the apps becoming available,” he says. “CIOs have to figure out which to support and how they co-mingle with enterprise apps, and what mobile carrier to use.”

There is no single common industry-wide approach because every hospital is coming at it from a different starting point, and that may depend on whether the physicians are employees or merely affiliated, Kleinberg says. “One CIO at a recent meeting told me, ‘If I told physicians they couldn’t bring their own mobile devices, I’d be shot.’”

Some CIOs are ultraconservative, while others put up kiosks in their hospitals to recruit physicians to bring their own mobile devices because that enhances the perception that they are cutting edge and supportive. The ones who are slower know they will have to adapt sooner or later, Kleinberg adds.

Despite all the activity in the mobile sector, Kleinberg says there is still an underestimation of its impact on healthcare quality and business process improvement. “The value of devices being always on and connected vs. having to wait in a hallway to log on or fire up a laptop will be significant.”

PwC’s Garrett agrees that it is important to keep the focus on business process improvement. “Sometimes we get lost in the technology and the shiny new toys and forget about why we are doing this,” he says. “But as much as they contribute to convenience and simplicity and make work easier, mobile devices will continue to have an impact. And on the consumer side, mobile tools that contribute to convenience and make it easier for providers, consumers, and payers to communicate are already being successful and commanding more market share.”